This patch enables Trusted Boot on the i.MX8MM with BL2 doing image
verification from a FIP prior to hand-over to BL31.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I3c22783a5c49544d0bace8ef3724784b9b7cc64a
Adds a number of definitions consistent with the established WaRP7
equivalents specifying number of io_handles and block devices.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: If1d7ef1ad3ac3dfc860f949392c7534ce8d206e3
Allows for exporting of FIP related methods cleanly in a private header.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I8523f1370312ed22ff7ca710cd916be52f725e3c
TZC400 is configured to raise an interrupt in case of faulty access.
Call the new added tzc400_it_handler, in case this interrupt occurs.
Change-Id: Iaf4fa408a8eff99498042e11e2d6177bad39868c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
On STM32MP15, only filters 0 and 1 are used.
Use TZC_400_REGION_ATTR_FILTER_BIT() macro for those 2 filters 0 and 1
instead of U(3).
Change-Id: Ibc61823842ade680f59d5b66b8db59b6a30080e4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Addresses the deprecation warning produced by
drivers/arm/gic/common/gic_common.c.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Change-Id: I1a3ff4835d0f94c74b405db10622e99875ded82b
BIT24 of IPI command header is used to determine if caller is
secure or non-secure.
Mark BIT24 of IPI command header as non-secure if SMC caller
is non-secure.
Signed-off-by: Tejas Patel <tejas.patel@xilinx.com>
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Iec25af8f4b202093f58e858ee47cd9cd46890267
Versal is a72 based that's why there is no reason to build low level
assemble code for a53.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: Iff9cf2582102d951825b87fd9af18e831ca717d6
The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
instantiated in a Secure Partition:
-A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
An EC is pinned to a corresponding physical CPU.
-An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
the physical CPU from which the FF-A call is originating.
This change permits exercising the latter case within the TF-A-tests
framework.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
Compiling BL31 for the Rockchip platform now produces a message about
the deprecation of gic_common.c.
Follow the advice and use include gicv2.mk instead.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: I396b977d57975dba27cfed801ad5264bbbde2b5e
The case for value "VCOREFS_SMC_CMD_INIT" is not
terminated by a "break" statement.
Signed-off-by: Roger Lu <roger.lu@mediatek.com>
Change-Id: I56cc7c1648e101c0da6e77e592e6edbd5d37724e
1 Only enable domain D0 and D1:PCIe access 0xC0000000~0xC4000000;
2 Only enable domain D0 and D3(SCP) access 0x50000000~0x51400000;
Signed-off-by: Xi Chen <xixi.chen@mediatek.com>
Change-Id: Ic4f9e6d85bfd1cebdb24ffc1d14309c89c103b2a
Low Power Management (LPM) helps find a suitable configuration
for letting system entering idle or suspend with the most
resources off.
Change-Id: Ie6a7063b666cf338cff5bc972c9025b26de482eb
Signed-off-by: Roger Lu <roger.lu@mediatek.com>
Add support for ZU43DR, ZU46DR and ZU47DR to the list of zynqmp
devices. The ZU43DR, ZU46DR and ZU47DR RFSoC silicon id values are
0x7d, 0x78 and 0x7f.
Signed-off-by: Sandeep Gundlupet Raju <sandeep.gundlupet-raju@xilinx.com>
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I566f707116d83475de7c87a6004ca96bf7bccebe
This commit fixes the wrong memory type, secure NOR flash
shall be mapped as MT_DEVICE.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I9c9ed51675d84ded675bb56b2e4ec7a08184c602
sbsa-ref in QEMU may create up to 512 cores.
This commit prepares the MP information to support 512 cores.
The number of xlat tables for spm_mm is also increased.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I2788eaf6d14e188e9b5d1102d359b2899e02df7c
* changes:
plat/marvell/armada: cleanup MSS SRAM if used for copy
plat/marvell: cn913x: allow CP1/CP2 mapping at BLE stage
plat/marvell/armada/common/mss: use MSS SRAM in secure mode
include/drivers/marvell/mochi: add detection of secure mode
plat/marvell: fix SPD handling in dram port
marvell: drivers: move XOR0/1 DIOB from WIN 0 to 1
drivers/marvell/mochi: add support for cn913x in PCIe EP mode
drivers/marvell/mochi: add missing stream IDs configurations
plat/marvell/armada/a8k: support HW RNG by SMC
drivers/rambus: add TRNG-IP-76 driver
This patch cleans up the MSS SRAM if it was used for MSS image
copy (secure boot mode).
Change-Id: I23f600b512050f75e63d59541b9c21cef21ed313
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/30099
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Map IO WIN to CP1 and CP2 at all stages including the BLE.
Do not map CP1/CP2 if CP_NUM is lower than 2 and 3 accordingly.
This patch allows access to CP1/CP2 internal registers at
BLE stage if CP1/CP2 are connected.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Change-Id: Icf9ffdf2e9e3cdc2a153429ffd914cc0005f9eca
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/36939
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Nadav Haklai <nadavh@marvell.com>
Reviewed-by: Yi Guo <yi.guo@cavium.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
The CP MSS IRAM is only accessible by CM3 CPU and MSS DMA.
In secure boot mode the MSS DMA is unable to directly load
the MSS FW image from DRAM to IRAM.
This patch adds support for using the MSS SRAM as intermediate
storage. The MSS FW image is loaded by application CPU into the
MSS SRAM first, then transferred to MSS IRAM by MSS DMA.
Such change allows the CP MSS image load in secure mode.
Change-Id: Iee7a51d157743a0bdf8acb668ee3d599f760a712
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Grzegorz Jaszczyk <jaszczyk@marvell.com>
Removing the custom crash implementation and use
plat/common/aarch64/crash_console_helpers.S.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I045d42eb62bcaf7d1e18fbe9ab9fb9470e800215
* changes:
allwinner: Split native and SCPI-based PSCI implementations
allwinner: psci: Improve system shutdown/reset sequence
allwinner: psci: Drop .pwr_domain_pwr_down_wfi callback
allwinner: Separate code to power off self and other CPUs
Rename rd_n1e1_edge_scmi_plat_info array to plat_rd_scmi_info as the
same array is used to provide SCMI platform info across mulitple RD
platforms and is not resitricted to only RD-N1 and RD-E1 platforms.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I42ba33e0afa3003c731ce513c6a5754b602ec01f
Now that we have a framework for the SMCCC TRNG interface, and the
existing Juno entropy code has been prepared, add the few remaining bits
to implement this interface for the Juno Trusted Entropy Source.
We retire the existing Juno specific RNG interface, and use the generic
one for the stack canary generation.
Change-Id: Ib6a6e5568cb8e0059d71740e2d18d6817b07127d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.
To improve the quality of the numbers, we can use the CPU's CRC
instructions, which do a decent job on conditioning the bits.
This adds a *very* simple version of arm_acle.h, which is typically
provided by the compiler, and contains the CRC instrinsics definitions
we need. We need the original version by using -nostdinc.
Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
NXP specifc macro SET_NXP_MAKE_FLAG is added.
NXP has pool of multiple IPs. This macro helps:
- In soc.mk, this macro help the selected IP source files to be included
for that SoC.
-- The set of IPs required for one NXP SoC is different to the set of IPs
required by another NXP SoC.
- For the same SoC,
-- For one feature, the IP may be required in both BL2 and BL31.
-- Without the above feature, that IP may be required in one.
This macro help in selecting the inclusion of source and header files to:
--- BL2 only
--- BL31 only
--- COMM (used by BL2 and BL31)
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I2cdb13b89aa815fc5219cf8bfb9666d0a9f78765
Currently we use the Juno's TRNG hardware entropy source to initialise
the stack canary. The current function allows to fill a buffer of any
size, but we will actually only ever request 16 bytes, as this is what
the hardware implements. Out of this, we only need at most 64 bits for
the canary.
In preparation for the introduction of the SMCCC TRNG interface, we
can simplify this Juno specific interface by making it compatible with
the generic one: We just deliver 64 bits of entropy on each call.
This reduces the complexity of the code. As the raw entropy register
readouts seem to be biased, it makes sense to do some conditioning
inside the juno_getentropy() function already.
Also initialise the TRNG hardware, if not already done.
Change-Id: I11b977ddc5417d52ac38709a9a7b61499eee481f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The DRAM port code issues a dummy write to SPD page-0 i2c address
in order to select this page for the forthcoming read transaction.
If the write buffer length supplied to i2c_write is not zero, this
call is translated to 2 bus transations:
- set the target offset
- write the data to the target
However no actual data should be transferred to SPD page-0 in order
to select it. Actually, the second transation never receives an ACK
from the target device, which caused the following error report:
ERROR: Status 30 in write transaction
This patch sets the buffer length in page-0 select writes to zero,
leading to bypass the data transfer to the target device.
Issuing the target offset command to SPD page-0 address effectively
selects this page for the read operation.
Change-Id: I4bf8e8c09da115ee875f934bc8fbc9349b995017
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/24387
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Reviewed-by: Moti Buskila <motib@marvell.com>
Add initialization for TRNG-IP-76 driver and support SMC call
0xC200FF11 used for reading HW RNG value by secondary bootloader
software for KASLR support.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Change-Id: I1d644f67457b28d347523f8a7bfc4eacc45cba68
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/32688
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Update TZC base address to align with the recent changes in the platform
memory map.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a
Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memory regions in the
future.
Retains mapping of CCN interconnect region in BL1 and BL2
overlapped with the GIC memory region.
Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
So far the ARM platform Makefile would require that RESET_TO_BL31 is set
when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature.
There is no real technical reason for that, and the one place in the
code where this was needed has been fixed.
Remove the requirement of those two options to be always enabled
together.
This enables the direct kernel boot feature for the Foundation FVP
(as described in the documentation), which requires a BL1/FIP
combination to boot, so cannot use RESET_TO_BL31.
Change-Id: I6814797b6431b6614d684bab3c5830bfd9481851
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we have the somewhat artifical limitation of
ARM_LINUX_KERNEL_AS_BL33 only being used together with RESET_TO_BL31.
However there does not seem to be a good technical reason for that,
it was probably just to differentate between two different boot flows.
Move the initial register setup for ARM_LINUX_KERNEL_AS_BL33 out of the
RESET_TO_BL31 #ifdef, so that we initialise the registers in any case.
This allows to use a preloaded kernel image when using BL1 and FIP.
Change-Id: I832df272d3829f077661f4ee6d3dd9a276a0118f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The structure has been modified to specify the memory
size in bytes instead of Gigabytes.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I3384677d79af4f3cf55d3c353b6c20bb827b5ae7
This patch removes the Neoverse N1 CPU errata workaround for
bug 1542419 as the bug is not present in Rainier R0P0 core.
Change-Id: Icaca299b13ef830b2ee5129576aae655a6288e69
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Secure pl061 qemu driver allows to rize the GPIO pin
from the secure world to reboot and power down
virtual machine.
Do not define secure-gpio for sbsa-ref platform due to
reboot is done via sbsa-ec watchdog.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Change-Id: I508d7c5cf4c75cb169b34b00682a76f6761d3869
The NUM_APID value was derived from kernel device tree sources, but I
made a conversion mistake: the amount of bytes in the APID map is the
total size of the "core" register range (0x1100) minus the offset of the
APID map in that range (0x900). This is of course 0x1100 - 0x900 = 0x800
and not 0x200, so the amount of 4-byte integers it can fit is not 0x80
but 0x200. Fix this and make the math more explicit so it can be more
easily factored out and adjusted if that becomes necessary for a future
SoC.
Also fix a dangerous typo in REG_APID_MAP() where the macro would
reference a random variable `i` rather than its argument (`apid`), and
we just got lucky that the only caller in the current code happened to
pass in a variable called `i` as that argument.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I049dd044fa5aeb65be0e7b12150afd6eb4bac0fa
Increase the core count and add respective entries in DTS.
Add Klein assembly file to cpu sources for core initialization.
Add SCMI entries for cores.
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Change-Id: I14dc1d87df6dcc8d560ade833ce1f92507054747
When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/build/juno/debug/romlib/romlib.bin', needed by 'bl1_romlib.bin'.
This patch fixes that issue.
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: I0cca416f3f50f400759164e0735c2d6b520ebf84
* changes:
docs: marvell: Update info about WTMI_IMG option
plat: marvell: armada: a3k: Remove unused variable WTMI_SYSINIT_IMG from Makefile
plat: marvell: armada: Show informative build messages and blank lines
plat: marvell: armada: Move definition of mrvl_flash target to common marvell_common.mk file
plat: marvell: armada: a3k: Use $(Q) instead of @
plat: marvell: armada: a3k: Add a new target mrvl_uart which builds UART image
plat: marvell: armada: a3k: Build UART image files directly in $(BUILD_UART) subdirectory
plat: marvell: armada: a3k: Build intermediate files in $(BUILD_PLAT) directory
plat: marvell: armada: a3k: Correctly set DDR_TOPOLOGY and CLOCKSPRESET for WTMI
plat: marvell: armada: a3k: Allow use of the system Crypto++ library
docs: marvell: Update info about WTP and MV_DDR_PATH parameters
plat: marvell: armada: a3k: Add checks that WTP, MV_DDR_PATH and CRYPTOPP_PATH are correctly defined
docs: marvell: Update mv-ddr-marvell and A3700-utils-marvell branches
* changes:
allwinner: Leave CPU power alone during BL31 setup
allwinner: psci: Invert check in .validate_ns_entrypoint
allwinner: psci: Drop MPIDR check from .pwr_domain_on
allwinner: psci: Drop .get_node_hw_state callback
AMU counters are used for monitoring the CPU performance. RD-N2 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I5cc749cf63c18fc5c7563dd754c2f42990a97e23
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
AMU counters are used for monitoring the CPU performance. RD-V1 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I4003d21407953f65b3ce99eaa8f496d6052546e0
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Some of the PSCI platform callbacks were restricted on RD-V1 platform
because the idle was not functional. Now that it is functional, remove
all the restrictions on the use PSCI platform callbacks.
Change-Id: I4cb97cb54de7ee166c30f28df8fea653b6b425c7
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
It does not have to be supported by the current shell used in Makefile.
Replace it by a simple echo with implicit newline.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I97fe44986ac36d3079d5258c67f0c9184537e7f0
This change separates building of flash and UART images, so it is possible
to build only one of these images. Also this change allows make to build
them in parallel.
Target mrvl_flash now builds only flash image and mrvl_uart only UART
image. This change reflects it also in the documentation.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ie9ce4538d52188dd26d99dfeeb5ad171a5b818f3
This removes need to move files and also allows to build uart and flash
images in parallel.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I13bea547d7849615e1c1e11d333c8c99e568d3f6
Currently a3700_common.mk makefile builds intermediate files in TF-A top
level directory and also outside of the TF-A tree. This change fixes this
issue and builds all intermediate files in $(BUILD_PLAT) directory.
Part of this change is also removal of 'rm' and 'mv' commands as there is
no need to remove or move intermediate files from outside of the TF-A build
tree.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I72e3a3024bd3fdba1b991a220184d750029491e9
When building WTMI image we need to correctly set DDR_TOPOLOGY and
CLOCKSPRESET variables which WTMI build system expect. Otherwise it use
default values.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ib83002194c8a6c64a2014899ac049bd319e1652f
This change introduces two new A3720 parameters, CRYPTOPP_LIBDIR and
CRYPTOPP_INCDIR, which can be used to specify directory paths to
pre-compiled Crypto++ library and header files.
When both new parameters are specified then the source code of Crypto++ via
CRYPTOPP_PATH parameter is not needed. And therefore it allows TF-A build
process to use system Crypto++ library.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I6d440f86153373b11b8d098bb68eb7325e86b20b
These variables must contain a path to a valid directory (not a file) which
really exists. Also WTP and MV_DDR_PATH must point to either a valid Marvell
release tarball or git repository.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I1ad80c41092cf3ea6a625426df62b7d9d6f37815
Now that we have split the native and the SCPI version of the PSCI ops,
we can introduce build options to compile in either or both of them.
If one version is not compiled in, some stub functions make sure the
common code still compiles and makes the right decisions.
By default both version are enabled (as before), but one of them can be
disabled on the make command line, or via a platform specific Makefile.
Change-Id: I0c019d8700c0208365eacf57809fb8bc608eb9c0
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Samuel Holland <samuel@sholland.org>
In order to keep SCP firmware as optional, the original, limited native
PSCI implementation was kept around as a fallback. This turned out to be
a good decision, as some newer SoCs omit the ARISC, and thus cannot run
SCP firmware.
However, keeping the two implementations in one file makes things
unnecessarily messy. First, it is difficult to compile out the
SCPI-based implementation where it is not applicable. Second the check
is done in each callback, while scpi_available is only updated at boot.
This makes the individual callbacks unnecessarily complicated.
It is cleaner to provide two entirely separate implementations in two
separate files. The native implementation does not support any kind of
CPU suspend, so its callbacks are greatly simplified. One function,
sunxi_validate_ns_entrypoint, is shared between the two implementations.
Finally, the logic for choosing between implementations is kept in a
third file, to provide for platforms where only one implementation is
applicable and the other is compiled out.
Change-Id: I4914f07d8e693dbce218e0e2394bef15c42945f8
Signed-off-by: Samuel Holland <samuel@sholland.org>
- When the SCPI shutdown/reset command returns success, the SCP is
still waiting for the CPU to enter WFI. Do that.
- Peform board-level poweroff before CPU poweroff. If there is a PMIC
available, it will turn everything off including the CPUs, so doing
CPU poweroff first is a waste of cycles.
- During poweroff, attempt to turn off the local CPU using the ARISC.
This should use slightly less power than just an infinite WFI.
- Drop the WFI in the reset failure path. The panic will hang anyway.
Change-Id: I897efecb3fe4e77a56041b97dd273156ec51ef8e
Signed-off-by: Samuel Holland <samuel@sholland.org>
When operating on the local cpu, sunxi_cpu_power_off_self() only "arms"
the ARISC to perform the power-off process; the SCP waits for the CPU to
enter WFI before acutally powering it off. Since this matches the
expected split between .pwr_domain_off and .pwr_domain_pwr_down_wfi, we
can move the sunxi_cpu_power_off_self() call to sunxi_pwr_domain_off().
Since that change makes sunxi_pwr_down_wfi() equivalent to the default
implementation, the callback is no longer needed.
Change-Id: I7d65f66c550d1c69fa5e9945affd7a25b3d3ef42
Signed-off-by: Samuel Holland <samuel@sholland.org>
Currently, sunxi_cpu_off() has two separate code paths: one for the
local CPU, and one for other CPUs. Let's split them in to two functions.
This actually simplifies things, because all callers either operate on
the local CPU only (sunxi_pwr_down_wfi()) or other CPUs only
(sunxi_cpu_power_off_others()). This avoids needing a second MPIDR read
to choose the appropriate code path.
Change-Id: I55de85025235cc95466bfa106831fc4c2368f527
Signed-off-by: Samuel Holland <samuel@sholland.org>
Disabling secondary CPUs during boot is unnecessary because the other
CPUs are already in reset, and it saves an entirely insignificant amount
of power. Let's remove this bit of code that was added mostly "because
we can", and along with it remove an unconditional dependency on the CPU
ops functions.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Ia77a1b722da6ba989c3992b656a6cde3f2238fd7
Checking the exceptional case and letting the success case fall through
is not only more idiomatic, but it also allows adding more exceptional
cases in the future, such as a check for overlapping secure DRAM.
Change-Id: I720441a6a8853fd7f211ebe851f14d921a6db03d
Signed-off-by: Samuel Holland <samuel@sholland.org>
This duplicated the logic in psci_validate_mpidr() which was already
called from psci_cpu_on().
Change-Id: I96ee92f1ce3e9cc2985b4e229ba86ebd27b79915
Signed-off-by: Samuel Holland <samuel@sholland.org>
This optional PSCI function was only implemented when SCPI was
available. However, the underlying SCPI function is not able to fulfill
the necessary contract. First, the SCPI protocol has no way to represent
HW_STANDBY at the CPU power level. Second, the SCPI implementation
maintains its own logical view of power states, and its implementation
of SCPI_CMD_GET_CSS_POWER_STATE does not actually query the hardware.
Thus it cannot provide "the physical view of power state", as required
for this function by the PSCI specification.
Since the function is optional, drop it.
Change-Id: I5f3a0810ac19ddeb3c0c5d35aeb09f09a0b80c1d
Signed-off-by: Samuel Holland <samuel@sholland.org>
The base address of UART peripheral should be given in R0, not in R1.
Otherwise the console_stm32_core_flush issues an assert message.
This issue was highlighted with recent changes in console flush functions.
Change-Id: Iead01986fdbbf30ad2fd9fa515a1d2b611b4e591
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The issue is that, when interrupt is triggered and RAS handler
is entered, after interrupt handler finishes, TF-A will re-enter
bl32 and then crash.
sdei_dispatch_event() may return failing result in some cases,
for example kernel may not have registered a handler or RAS event
may happen early during boot. We restore the NS context when
sdei_dispatch_event() returns failing result.
error log :
Received delegated event
X0 : 0xC4000061
X1 : 0x0
X2 : 0x0
X3 : 0x0
Received event - 0xC4000061 on cpu 0
UnRecognized Event - 0xC4000061
Failed delegated event 0xC4000061, Status Invalid Parameter
Unhandled Exception in EL3.
x30 = 0x000000000401f700
x0 = 0xfffffffffffffffe
x1 = 0xfffffffffffffffe
x2 = 0x00000000600003c0
Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: I9802e9a32eee0ac3b5a8bcc0362d0b0e3b71dc9f
Turn ON/OFF GIC redistributor in sync with GIC CPU interface ON/OFF.
Issue :
The Linux prompt hangs when all the cores in a cluster are turned OFF
and we try to turn ON a core in that cluster. Previously when TF-A turns
ON a core, TF-A first turns ON the redistributor followed by the core.
This did not match the flow when turning OFF a core, as TF-A did not
turn OFF redistributor when the corresponding core[s] are disabled.
This hang is resolved by disabling redistributor as cores are disabled,
keeping them in sync.
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Change-Id: Ifd04fdcfd47b45e00f874f15b098471883d023f0
Some switch cases uses same operation. So, club switch cases
which uses same operation and remove duplicate code.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Change-Id: I260b474c0ff3f2ca102c32d4af2e4abba2b8f57c
This allows PSCI in TF-A to signal platform power states to QEMU
via a controller in secure space.
This required a sbsa-ref specific version of PSCI functions for the
platform. Also adjusted the MMU range to also include the new EC.
Add a new MMU region for the embedded controller and increase the
size of xlat tables by one for the new region.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: Iece8a88947f11e82ab8988e460a8a66ad175a5ee
sbsa-ref in QEMU creates clusers of 8 cores, it may create up to 512
cores in upto 64 clusters. Implement a qemu_sbsa specific topology file
and increase the BL31_SIZE to accommodate the bigger table sizes. Change
platform_def.h for new topology. Correct PLATFORM_CPU_PER_CLUSTER_SHIFT so
plat_helpers.S calculates correct result.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: Idc5d70394c0956b759ad2c86f9fda8f293f2cfa7
DEVICE2 is not currently used on qemu platform but is needed for
a future patch for qemu_sbsa platform. Change its definition to
RW and add it to all levels of arm-tf similar to DEVICE1 definition.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: I03495471bfd423b61ad44ec4953fb25f76aa54bf
Rather than re-create this file in multiple qemu variants instead
caclulate the shift needed to convert MPIDR to position.
Add a new PLATFORM_CPU_PER_CLUSTER_SHIFT define in platform_def.h
for both qemu and qemu_sbsa to enable this calculation.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: I0e3a86354aa716d95150a3a34b15287cd70c8fd2
When getting a stack protector canary value, check
if cpu supports FEAT_RNG and use that. Fallback to
old method of using a (hardcoded value ^ timer).
Signed-off-by: Tomas Pilar <tomas@nuviainc.com>
Change-Id: I8181acf8e31661d4cc82bc3a4078f8751909e725
Add DT node support for channel 0 where physical memory is split
between 32bit space and 64bit space.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I99a18dbb14cdb54100a836c16445242e430794e3
The HiHope RZ/G2M board from HopeRun consists of main board
(HopeRun HiHope RZ/G2M main board) and sub board(HopeRun
HiHope RZ/G2M sub board). The HiHope RZ/G2M sub board sits
below the HiHope RZ/G2M main board.
This patch adds the required board support to boot HopeRun HiHope
RZ/G2M board.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I3ed55aa4a2cc5c9d9cd6440e087bcd93186520c7
Include header ulcb_cpld.h in plat_pm.c only if RCAR_GEN3_ULCB
is enabled.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: Ie89223097c608265c50e32778e8df28feed82480
Move rcar plat code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I1001bea1a8a9232a03ddbf6931ca3c764ba1e181
Move plat aarch64 code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I66265e5e68bfcf5c3534965fb3549a145c782b47
Move DDR/QoS/PFC header files, so that the same code
can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I2cc0ceda8d05b6b8d95a69afdc233dc0d098e850
Move rpc driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I04805d720d95b8edcc14e652f897fadc7f432197
Move avs driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I85d9fa8b6abf158ce2521f1696478f7c5339fc42
Move authentication driver code to common directory, so that the
same code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I02592dfc714998bf89b9feaa78f685ae36be6f59
Move dma driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: Idce2e2f4e098cfc17219f963373d20ebf74e5b7c
Move watch driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I235f2cde325a0feeadbfc4b7ee02e8b1186f7ea1
Move rom driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I399dfb5eff186db76d26fa9c54bea88bee66789c
Move delay driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I5e806bd0e0a0a4b436048513b7089db90ff9805f
Move console/scif driver code to common directory, so that the
same code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I0b15e4f4ffaaa99e77bcee32b1dad648eeadcd9b
Move pwrc driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I75d91a44d872fe2296b15c700efacd5721385363
Move io driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: Ic661e415c91a1fbfd5eee3bba86466037e51574b
Move eMMC driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I7f3055709337327d1a1c9f563c14ad1626adb355
Move plat common sources to common directory, so that same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: Id2b1822c97cc50e3febaffc2e5f42b4d53809a17
Create a common directory and move the header and assembly files
so that the common code can be used by both Renesas R-Car Gen3 and
RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: Ia9a563a1c3c9f8c6f0d3cb82622deb2e155d7f6c
This patch fixes checkpatch warnings and replaces TAB with
space after #define macros.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I11f65d494997cbf612376fb120c27ef0166cdd3a
Sort the header includes alphabetically, fix typos and drop unneeded TAB
and replace it with space
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: Ieff84434877f58ec26c8351611059ad4e11a4e28
Sort the header includes alphabetically and fix checkpatch warnings.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I08fd0d12ee1d8d61391e8afc33f8c67fcf70c4e5
This implements support for UEFI secure variable storage
using standalone MM framework on qemu_sbsa platform.
Non-secure shared memory between UEFI and standalone MM
is allocated at the top of DRAM.
DRAM size of qemu_sbsa varies depends on the QEMU parameter,
so the non-secure shared memory is allocated by trusted firmware
and passed the base address and size to UEFI through device tree
"/reserved-memory" node.
Change-Id: I367191f408eb9850b7ec7761ee346b014c539767
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Add ability to support PS and System reset after idling the APU,
by reading the restart scope from the PMU.
Signed-off-by: Will Wong <willw@xilinx.com>
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Change-Id: I23c01725d8ebb71ad34be02ab204411b93620702
ATF is not checking PM version. Add version check in such
a way that it is compatible with current and newer version
of PM.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Change-Id: Ia095d118121e6f75e8d320e87d5e2018068fa079
The current configuration of CPU windows on Armada 37x0 with 4 GB DRAM
can only utilize 3.375 GB of memory. This is because there are only 5
configuration windows, configured as such (in hexadecimal, also showing
ranges not configurable by CPU windows):
0 - 80000000 | 2 GB | DDR | CPU window 0
80000000 - C0000000 | 1 GB | DDR | CPU window 1
C0000000 - D0000000 | 256 MB | DDR | CPU window 2
D0000000 - D2000000 | 32 MB | | Internal regs
empty space | | |
D8000000 - D8010000 | 64 KB | | CCI regs
empty space | | |
E0000000 - E8000000 | 128 MB | DDR | CPU window 3
E8000000 - F0000000 | 128 MB | PCIe | CPU window 4
empty space | | |
FFF00000 - end | 64 KB | | Boot ROM
This can be improved by taking into account that:
- CCI window can be moved (the base address is only hardcoded in TF-A;
U-Boot and Linux will not break with changing of this address)
- PCIe window can be moved (upstream U-Boot can change device-tree
ranges of PCIe if PCIe window is moved)
Change the layout after the Internal regs as such:
D2000000 - F2000000 | 512 MB | DDR | CPU window 3
F2000000 - FA000000 | 128 MB | PCIe | CPU window 4
empty space | | |
FE000000 - FE010000 | 64 KB | | CCI regs
empty space | | |
FFF00000 - end | 64 KB | | Boot ROM
(Note that CCI regs base address is moved from D8000000 to FE000000 in
all cases, not only for the configuration with 4 GB of DRAM. This is
because TF-A is built with this address as a constant, so we cannot
change this address at runtime only on some boards.)
This yields 3.75 GB of usable RAM.
Moreover U-Boot can theoretically reconfigure the PCIe window to DDR if
it discovers that no PCIe card is connected. This can add another 128 MB
of DRAM (resulting only in 128 MB of DRAM not being used).
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Change-Id: I4ca1999f852f90055fac8b2c4f7e80275a13ad7e
Reference Design platform RD-Daniel-ConfigXLR has been renamed to
RD-V1-MC. Correspondingly, remove all uses of 'rddanielxlr' and replace
it with 'rdv1mc' where appropriate.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I5d91c69738397b19ced43949b4080c74678e604c
Reference Design platform RD-Daniel has been renamed to RD-V1.
Correspondingly, remove all uses of 'rddaniel' and replace it with
'rdv1' where appropriate.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I1702bab39c501f8c0a09df131cb2394d54c83bcf
This patch fixes the non compliant code like missing braces for
conditional single statement bodies.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I95b410ae5950f85dc913c4448fcd0a97e0fd490c
Only non-file targets should be set a .PHONY. Otherwise if file target is
set as .PHONY then targets which depends on those file .PHONY targets would
be always rebuilt even when their prerequisites are not changed.
File target which needs to be always rebuilt can be specified in Make
system via having a prerequisite on some .PHONY target, instead of marking
whole target as .PHONY. In Makefile projects it is common to create empty
.PHONY target named FORCE for this purpose.
This patch changes all file targets which are set as .PHONY to depends on
new .PHONY target FORCE, to ensure that these file targets are always
rebuilt (as before). Basically they are those targets which calls external
make subprocess.
After FORCE target is specified in main Makefile, remove it from other
Makefile files to prevent duplicate definitions.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iee3b4e0de93879b95eb29a1745a041538412e69e
Introduce a new build option CM3_SYSTEM_RESET for A3700 platform, which,
when enabled, adds code to the PSCI reset handler to try to do system
reset by the WTMI firmware running on the Cortex-M3 secure coprocessor.
(This function is exposed via the mailbox interface.)
The reason is that the Turris MOX board has a HW bug which causes reset
to hang unpredictably. This issue can be solved by putting the board in
a specific state before reset.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Change-Id: I3f60b9f244f334adcd33d6db6a361fbc8b8d209f